From 2bcc8e54b2dd981cebb2054f0468d0d95b3dc663 Mon Sep 17 00:00:00 2001 From: Andrew Johnson Date: Sat, 23 Mar 2019 09:24:13 +0100 Subject: [PATCH] Added support for watchtower --- .env-default | 5 ++++ apps/conf/docker-compose.health.yml | 2 ++ .../conf/docker-compose.service-discovery.yml | 3 ++ apps/conf/docker-compose.smtp.yml | 2 ++ apps/conf/docker-compose.ssl.yml | 2 ++ apps/conf/docker-compose.technical.yml | 2 ++ .../docker-compose.backup.yml.example | 2 ++ .../docker-compose.dashboard.yml.example | 1 + .../templates/docker-compose.db.yml.example | 4 +++ .../docker-compose.deployer.yml.example | 2 ++ .../docker-compose.updates.yml.example | 17 +++++++++++ .../docker-compose.uptimeboard.yml.example | 1 + docs/source/features.rst | 28 +++++++++++++++++++ 13 files changed, 71 insertions(+) create mode 100644 apps/conf/templates/docker-compose.updates.yml.example diff --git a/.env-default b/.env-default index 523ec99..b7c2e15 100644 --- a/.env-default +++ b/.env-default @@ -55,3 +55,8 @@ BACKUPS_CONTAINER=backup # backups collections, collection per container/backup point BACKUPS_PORTAINER_COLLECTION_ID=11111-2222-3333-4444 + +# watchtower +WATCHTOWER_INTERVAL=10 +WATCHTOWER_SLACK_HOOK=https://mattermost.anarchista.net/hooks/hxs9ebij57r15k1i6hz1dp6s6e +WATCHTOWER_IDENTIFIER="CIA-ZSP Watchtower" diff --git a/apps/conf/docker-compose.health.yml b/apps/conf/docker-compose.health.yml index ed88927..acfe1d3 100644 --- a/apps/conf/docker-compose.health.yml +++ b/apps/conf/docker-compose.health.yml @@ -14,3 +14,5 @@ services: - VIRTUAL_PORT=8000 - LETSENCRYPT_HOST=health.${MAIN_DOMAIN}${DOMAIN_SUFFIX} - LETSENCRYPT_EMAIL=${LETSENCRYPT_EMAIL} + labels: + com.centurylinklabs.watchtower.enable: true diff --git a/apps/conf/docker-compose.service-discovery.yml b/apps/conf/docker-compose.service-discovery.yml index 6dd2762..8602887 100644 --- a/apps/conf/docker-compose.service-discovery.yml +++ b/apps/conf/docker-compose.service-discovery.yml 
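Review bot: The `WATCHTOWER_SLACK_HOOK` default added to `.env-default` is a complete incoming-webhook URL on a real host, so this commit publishes a credential. Anyone who can read the repository can post to that channel, and every deployment that copies the defaults would send its update notifications there. Ship a placeholder instead, e.g. `WATCHTOWER_SLACK_HOOK=https://chat.example.org/hooks/CHANGE_ME`, and rotate the hook that is now in history. Separately, `WATCHTOWER_INTERVAL=10` is a ten-second poll if the value is passed to Watchtower's `--interval` in seconds, while the docs hunk in this same patch shows `1800`; align the default with the documented value.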
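Review bot: The label value in `com.centurylinklabs.watchtower.enable: true` (docker-compose.health.yml) is a YAML boolean, whereas Docker label values are strings and the list-form labels in the service-discovery hunks write `...enable=true` as text. Some docker-compose releases reject non-string label values in mapping form during schema validation, so quote it: `com.centurylinklabs.watchtower.enable: "true"`. The same unquoted form appears in the smtp, ssl, technical, backup, dashboard, db, deployer, updates and uptimeboard hunks. The service definition starts outside the hunk, so the image tag this container tracks is not visible here.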
@@ -10,6 +10,7 @@ services: restart: unless-stopped labels: - com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy=true + - com.centurylinklabs.watchtower.enable=true ports: - "80:80" - "443:443" @@ -32,6 +33,7 @@ services: restart: always labels: - com.github.jrcs.letsencrypt_nginx_proxy_companion.docker_gen=true + - com.centurylinklabs.watchtower.enable=true command: "-notify-sighup ${COMPOSE_PROJECT_NAME}_gateway_1 -watch -wait 5s:30s /etc/docker-gen/templates/nginx.tmpl /etc/nginx/conf.d/default.conf" volumes_from: - gateway @@ -46,3 +48,4 @@ services: # @debugging: It may be useful to disable HSTS when the SSL setup is not ready yet - HSTS=on + diff --git a/apps/conf/docker-compose.smtp.yml b/apps/conf/docker-compose.smtp.yml index bb9d542..e43788a 100644 --- a/apps/conf/docker-compose.smtp.yml +++ b/apps/conf/docker-compose.smtp.yml @@ -14,4 +14,6 @@ services: - "25" env_file: - .env + labels: + com.centurylinklabs.watchtower.enable: true diff --git a/apps/conf/docker-compose.ssl.yml b/apps/conf/docker-compose.ssl.yml index 4786661..cbd1434 100644 --- a/apps/conf/docker-compose.ssl.yml +++ b/apps/conf/docker-compose.ssl.yml @@ -19,3 +19,5 @@ services: # @debugging: Enable to test if the Letsencrypt is properly configured #- ACME_CA_URI=https://acme-staging.api.letsencrypt.org/directory + labels: + com.centurylinklabs.watchtower.enable: true diff --git a/apps/conf/docker-compose.technical.yml b/apps/conf/docker-compose.technical.yml index b3ed97d..32396cd 100644 --- a/apps/conf/docker-compose.technical.yml +++ b/apps/conf/docker-compose.technical.yml @@ -17,3 +17,5 @@ services: - VIRTUAL_PORT=9000 - LETSENCRYPT_HOST=a2.${MAIN_DOMAIN}${DOMAIN_SUFFIX} - LETSENCRYPT_EMAIL=${LETSENCRYPT_EMAIL} + labels: + com.centurylinklabs.watchtower.enable: true diff --git a/apps/conf/templates/docker-compose.backup.yml.example b/apps/conf/templates/docker-compose.backup.yml.example index db6221e..b908bd5 100644 
--- a/apps/conf/templates/docker-compose.backup.yml.example +++ b/apps/conf/templates/docker-compose.backup.yml.example @@ -17,3 +17,5 @@ services: restart: on-failure mem_limit: 80000000 # 80M + labels: + com.centurylinklabs.watchtower.enable: true diff --git a/apps/conf/templates/docker-compose.dashboard.yml.example b/apps/conf/templates/docker-compose.dashboard.yml.example index 41258ec..53a2e71 100644 --- a/apps/conf/templates/docker-compose.dashboard.yml.example +++ b/apps/conf/templates/docker-compose.dashboard.yml.example @@ -20,3 +20,4 @@ services: org.docker.services.dashboard.description: 'Dashboard - a list of all hosted websites running on this network' org.docker.services.dashboard.icon: 'pe-7s-browser' org.docker.services.dashboard.only_for_admin: false + com.centurylinklabs.watchtower.enable: true diff --git a/apps/conf/templates/docker-compose.db.yml.example b/apps/conf/templates/docker-compose.db.yml.example index f31dd69..c76269d 100644 --- a/apps/conf/templates/docker-compose.db.yml.example +++ b/apps/conf/templates/docker-compose.db.yml.example @@ -22,6 +22,8 @@ services: - MYSQL_PASSWORD=${MYSQL_PASSWORD} - MYSQL_DATABASE=${MYSQL_DATABASE} - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD} + labels: + com.centurylinklabs.watchtower.enable: true # @@ -39,3 +41,5 @@ services: - LETSENCRYPT_EMAIL=${LETSENCRYPT_EMAIL} expose: - "80" + labels: + com.centurylinklabs.watchtower.enable: true diff --git a/apps/conf/templates/docker-compose.deployer.yml.example b/apps/conf/templates/docker-compose.deployer.yml.example index 551f93c..6dfd98e 100644 --- a/apps/conf/templates/docker-compose.deployer.yml.example +++ b/apps/conf/templates/docker-compose.deployer.yml.example @@ -14,3 +14,5 @@ services: - VIRTUAL_PORT=8012 - LETSENCRYPT_HOST=deploy.${MAIN_DOMAIN}${DOMAIN_SUFFIX} - LETSENCRYPT_EMAIL=${LETSENCRYPT_EMAIL} + labels: + com.centurylinklabs.watchtower.enable: true 
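Review bot: Both hunks of `docker-compose.db.yml.example` add the enable label, and the first one sits on the service that carries the `MYSQL_*` variables, so Watchtower will re-create the database container whenever its tracked tag moves. The `image:` lines are outside the hunk; if they use a floating tag, a new server release could be rolled out unattended with no backup or upgrade step beforehand. Consider leaving the label off the database service, or add a comment above it such as `# only enable with a pinned image tag; take a backup before allowing auto-update`.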
diff --git a/apps/conf/templates/docker-compose.updates.yml.example b/apps/conf/templates/docker-compose.updates.yml.example
new file mode 100644
index 0000000..ea8c7a5
--- /dev/null
+++ b/apps/conf/templates/docker-compose.updates.yml.example
@@ -0,0 +1,17 @@
+version: "2"
+services:
+ #
+ # Automatically does a docker pull for tagged services with "com.centurylinklabs.watchtower.enable" tag
+ #
+ autoupdater:
+ image: v2tec/watchtower
+ command: "--label-enable --interval ${WATCHTOWER_INTERVAL} --cleanup"
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ - /root/.docker/config.json:/config.json
+ environment:
+ - WATCHTOWER_NOTIFICATIONS=slack
+ - WATCHTOWER_NOTIFICATION_SLACK_HOOK_URL=${WATCHTOWER_SLACK_HOOK}
+ - WATCHTOWER_NOTIFICATION_SLACK_IDENTIFIER=${WATCHTOWER_IDENTIFIER}
+ labels:
+ com.centurylinklabs.watchtower.enable: true
diff --git a/apps/conf/templates/docker-compose.uptimeboard.yml.example b/apps/conf/templates/docker-compose.uptimeboard.yml.example
index d38e980..f44a084 100644
--- a/apps/conf/templates/docker-compose.uptimeboard.yml.example
+++ b/apps/conf/templates/docker-compose.uptimeboard.yml.example
@@ -20,3 +20,4 @@ services:
 org.docker.services.dashboard.description: 'Applications health monitoring'
 org.docker.services.dashboard.icon: 'pe-7s-angle-down-circle'
 org.docker.services.dashboard.only_for_admin: false
+ com.centurylinklabs.watchtower.enable: true
diff --git a/docs/source/features.rst b/docs/source/features.rst
index 0879be9..aa3117b 100644
--- a/docs/source/features.rst
+++ b/docs/source/features.rst
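Review bot: The `autoupdater` service in `docker-compose.updates.yml.example` mounts `/var/run/docker.sock`, which gives the container full control of the Docker daemon, yet `image: v2tec/watchtower` carries no tag or digest. The service also labels itself for auto-update, so whatever is published under that name gets pulled and run with host-level access without review. Pin the image (`image: v2tec/watchtower:<pinned-tag>`, or a digest) and drop the self-enable label unless self-update is intended. The registry credentials file should be mounted read-only: `- /root/.docker/config.json:/config.json:ro`. A short comment above `volumes:` explaining why the socket is required would also help whoever copies this template.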
@@ -182,3 +182,31 @@ Example cases: .. _file-repository: https://github.com/riotkit-org/file-repository .. _file-repository.docs.riotkit.org: https://file-repository.docs.riotkit.org/en/latest/client/configuration-reference.html + +Automatic containers update +--------------------------- + +Watchtower_ keeps an eye on containers marked with *com.centurylinklabs.watchtower.enable* label. +Each container's image is checked for update availability, if an update is available then it's pulled from registry +and the container is re-created on a new version of image. + +Downtime is minimized by pulling newer versions of images at first, then re-creating containers in proper order. +Linked containers dependency chain is respected, so the containers are re-created in proper order. + +To enable Watchtower, just use a template "docker-compose.updates.yml.example", copy it to the conf directory with removing ".example" suffix. + +**Configuration** + +By default there are a few example variables extracted into the environment. You may adjust it to your needs, turn off notifications, +or switch notifications from slack/mattermost to e-mail. + +Check Watchtower_ documentation for detail. + +.. code:: bash + + # watchtower + WATCHTOWER_INTERVAL=1800 + WATCHTOWER_SLACK_HOOK=... + WATCHTOWER_IDENTIFIER="Watchtower" + +.. _Watchtower: https://github.com/v2tec/watchtower